#12244: python3-3.7.4
-------------------------+-----------------------
Reporter: bdubbs | Owner: bdubbs
Type: enhancement | Status: assigned
Priority: normal | Milestone: 9.0
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Comment (by bdubbs):
What's New in Python 3.7.4 final?
*Release date: 2019-07-08*
Core and Builtins
- bpo-37500: Due to unintended side effects, revert the change introduced
by
:issue:`1875` in 3.7.4rc1 to check for syntax errors in dead conditional
code blocks.
Documentation
- bpo-37149: Replace the dead link to the Tkinter 8.5 reference by John
Shipman, New Mexico Tech, with a link to the archive.org copy.
What's New in Python 3.7.4 release candidate 2?
Security
- bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with
additional text after the address and only quad-dotted notation without
trailing whitespaces. Some inet_aton() implementations ignore whitespace
and all data after whitespace, e.g. '127.0.0.1 whatever'.
Core and Builtins
- bpo-24214: Improved support of the surrogatepass error handler in the
UTF-8 and UTF-16 incremental decoders.
Library
- bpo-37440: http.client now enables TLS 1.3 post-handshake authentication
for default context or if a cert_file is passed to HTTPSConnection.
- bpo-37437: Update vendorized expat version to 2.2.7.
- bpo-37428: SSLContext.post_handshake_auth = True no longer sets
SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although
the
option is documented as ignored for clients, OpenSSL implicitly enables
cert chain validation when the flag is set.
- bpo-32627: Fix compile error when ``_uuid`` headers conflicting
included.
Windows
- bpo-37369: Fixes path for :data:`sys.executable` when running from the
Microsoft Store.
- bpo-35360: Update Windows builds to use SQLite 3.28.0.
macOS
- bpo-34602: Avoid test suite failures on macOS by no longer calling
resource.setrlimit to increase the process stack size limit at runtime.
The runtime change is no longer needed since the interpreter is being
built with a larger default stack size.
What's New in Python 3.7.4 release candidate 1?
Security
- bpo-35907: CVE-2019-9948: Avoid file reading by disallowing
``local-file://`` and ``local_file://`` URL schemes in
``URLopener().open()`` and ``URLopener().retrieve()`` of
:mod:`urllib.request`.
- bpo-36742: Fixes mishandling of pre-normalization characters in
urlsplit().
- bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded
whitespace or control characters through into the underlying http client
request. Such potentially malicious header injection URLs now cause an
http.client.InvalidURL exception to be raised.
- bpo-33529: Prevent fold function used in email header encoding from
entering infinite loop when there are too many non-ASCII characters in a
header.
- bpo-35755: :func:`shutil.which` now uses ``os.confstr("CS_PATH")`` if
available and if the :envvar:`PATH` environment variable is not set.
Remove also the current directory from :data:`posixpath.defpath`. On
Unix,
:func:`shutil.which` and the :mod:`subprocess` module no longer search
the
executable in the current directory if the :envvar:`PATH` environment
variable is not set.
Core and Builtins
- bpo-37269: Fix a bug in the peephole optimizer that was not treating
correctly constant conditions with binary operators. Patch by Pablo
Galindo.
- bpo-37219: Remove errorneous optimization for empty set differences.
- bpo-26423: Fix possible overflow in ``wrap_lenfunc()`` when
``sizeof(long)
< sizeof(Py_ssize_t)`` (e.g., 64-bit Windows).
- bpo-36829: :c:func:`PyErr_WriteUnraisable` now displays the exception
even
if displaying the traceback failed. Moreover, hold a strong reference to
:data:`sys.stderr` while using it. Document that an exception must be
set
when calling :c:func:`PyErr_WriteUnraisable`.
- bpo-36907: Fix a crash when calling a C function with a keyword dict
(``f(**kwargs)``) and changing the dict ``kwargs`` while that function
is
running.
- bpo-36946: Fix possible signed integer overflow when handling slices.
- bpo-27987: ``PyGC_Head`` structure is aligned to ``long double``. This
is
needed to ensure GC-ed objects are aligned properly. Patch by Inada
Naoki.
- bpo-1875: A :exc:`SyntaxError` is now raised if a code blocks that will
be
optimized away (e.g. if conditions that are always false) contains
syntax
errors. Patch by Pablo Galindo. (Reverted in 3.7.4 final by
:issue:`37500`.)
- bpo-28866: Avoid caching attributes of classes which type defines mro()
to
avoid a hard cache invalidation problem.
- bpo-27639: Correct return type for UserList slicing operations. Patch by
Michael Blahay, Erick Cervantes, and vaultah
- bpo-32849: Fix Python Initialization code on FreeBSD to detect properly
when stdin file descriptor (fd 0) is invalid.
- bpo-27987: pymalloc returns memory blocks aligned by 16 bytes, instead
of
8 bytes, on 64-bit platforms to conform x86-64 ABI. Recent compilers
assume this alignment more often. Patch by Inada Naoki.
- bpo-36504: Fix signed integer overflow in _ctypes.c's
``PyCArrayType_new()``.
- bpo-20844: Fix running script with encoding cookie and LF line ending
may
fail on Windows.
- bpo-24214: Fixed support of the surrogatepass error handler in the UTF-8
incremental decoder.
- bpo-36459: Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's
``tok_nextc()``.
- bpo-36433: Fixed TypeError message in classmethoddescr_call.
- bpo-36430: Fix a possible reference leak in :func:`itertools.count`.
- bpo-36440: Include node names in ``ParserError`` messages, instead of
numeric IDs. Patch by A. Skrobov.
- bpo-36421: Fix a possible double decref in _ctypes.c's
``PyCArrayType_new()``.
- bpo-36256: Fix bug in parsermodule when parsing a state in a DFA that
has
two or more arcs with labels of the same type. Patch by Pablo Galindo.
- bpo-36236: At Python initialization, the current directory is no longer
prepended to :data:`sys.path` if it has been removed.
- bpo-36262: Fix an unlikely memory leak on conversion from string to
float
in the function ``_Py_dg_strtod()`` used by ``float(str)``,
``complex(str)``, :func:`pickle.load`, :func:`marshal.load`, etc.
- bpo-36218: Fix a segfault occuring when sorting a list of heterogeneous
values. Patch contributed by RĂ©mi Lapeyre and Elliot Gorokhovsky.
- bpo-36035: Added fix for broken symlinks in combination with pathlib
- bpo-18372: Add missing :c:func:`PyObject_GC_Track` calls in the
:mod:`pickle` module. Patch by Zackery Spytz.
- bpo-34408: Prevent a null pointer dereference and resource leakage in
``PyInterpreterState_New()``.
More. See Misc/NEWS in tarball.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12244#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
